Friday, 27 April 2012

Insanity: CISPA Just Got Way Worse, And Then Passed On Rushed Vote

from the this-is-crazy dept

Up until this afternoon, the final vote on CISPA was supposed to be tomorrow. Then, abruptly, it was moved up today—and the House voted in favor of its passage with a vote of 248-168. But that's not even the worst part.

The vote followed the debate on amendments, several of which were passed. Among them was an absolutely terrible change (pdf and embedded below—scroll to amendment #6) to the definition of what the government can do with shared information, put forth by Rep. Quayle. Astonishingly, it was described as limiting the government's power, even though it in fact expands it by adding more items to the list of acceptable purposes for which shared information can be used. Even more astonishingly, it passed with a near-unanimous vote. The CISPA that was just approved by the House is much worse than the CISPA being discussed as recently as this morning.

Previously, CISPA allowed the government to use information for "cybersecurity" or "national security" purposes. Those purposes have not been limited or removed. Instead, three more valid uses have been added: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. Cybersecurity crime is defined as any crime involving network disruption or hacking, plus any violation of the CFAA.

Basically this means CISPA can no longer be called a cybersecurity bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a "cybersecurity crime". Basically it says the 4th Amendment does not apply online, at all. Moreover, the government could do whatever it wants with the data as long as it can claim that someone was in danger of bodily harm, or that children were somehow threatened—again, notwithstanding absolutely any other law that would normally limit the government's power.

Somehow, incredibly, this was described as limiting CISPA, but it accomplishes the exact opposite. This is very, very bad.

There were some good amendments adopted too—clarifying some definitions, including the fact that merely violating a TOS does not constitute unauthorized network access—but frankly none of them matter in the light of this change. CISPA is now a completely unsupportable bill that rewrites (and effectively eliminates) all privacy laws for any situation that involves a computer. Far from the defense against malevolent foreign entities that the bill was described as by its authors, it is now an explicit attack on the freedoms of every American.